BIND 10 trac2189, updated. 10da91d4dcb3baf1b040864bf60cd89d82a80e8f [2189] various minor changes
BIND 10 source code commits
bind10-changes at lists.isc.org
Wed Sep 26 14:32:24 UTC 2012
The branch, trac2189 has been updated
via 10da91d4dcb3baf1b040864bf60cd89d82a80e8f (commit)
from d0a5d03e219ccb645894c8afe41e1bd548ff83e1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 10da91d4dcb3baf1b040864bf60cd89d82a80e8f
Author: Jeremy C. Reed <jreed at ISC.org>
Date: Wed Sep 26 09:31:51 2012 -0500
[2189] various minor changes
minor grammar or wording changes
use mdash xml entity instead of unicode character
fix typo for Trac
fix example out of the configuration name
use xref tag instead of link tag (so reference is not lost in non-hyperlink
document)
keyring to key ring
fix punctuation (mistake in original)
minor grammar (mistake also in original)
-----------------------------------------------------------------------
Summary of changes:
doc/guide/bind10-guide.xml | 36 +++++++++++++++++++-----------------
1 file changed, 19 insertions(+), 17 deletions(-)
-----------------------------------------------------------------------
diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml
index fcb55fe..4b2061f 100644
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -1332,14 +1332,14 @@ TODO
<para>
Each key has three attributes. One is a name by which it is referred
both in DNS packets and the rest of the configuration. Another is the
- algorithm used to compute the signature. And the last part is base64
- encoded secret, which might be any blob of data.
+ algorithm used to compute the signature. And the last part is a
+ base64 encoded secret, which might be any blob of data.
</para>
<para>
The parts are written into a string, concatenated together by colons.
- So if you wanted to have a key called "example.key", used as HMAC-MD5
- key with secret "secret", you'd write it as:
+ So if you wanted to have a key called "example.key", used as a
+ HMAC-MD5 key with secret "secret", you'd write it as:
<screen>"example.key.:c2VjcmV0:hmac-md5"</screen>
</para>
@@ -1370,25 +1370,25 @@ TODO
<title>Key ring</title>
<para>
The key ring lives in the configuration in "tsig_keys/keys". Most of
- the system uses the keys from there ‒ ACLs, authoritative server to
- sign responses to signed queries, the <command>b10-xfrout</command>
+ the system uses the keys from there — ACLs, authoritative server to
+ sign responses to signed queries, and <command>b10-xfrout</command>
to sign transfers. The <command>b10-xfrin</command> uses its own
- configuration for keys, but that will be fixed in track ticket
+ configuration for keys, but that will be fixed in Trac ticket
<ulink url="http://bind10.isc.org/ticket/1351">#1351</ulink>.
</para>
<para>
The key ring is just a list of strings, each describing one key. So,
to add a new key, you can do this:
- <screen>> <userinput>config add tsig_keyring/keys "example.key.:c2VjcmV0"</userinput>
-> <userinput>config show tsig_keyring/keys</userinput>
+ <screen>> <userinput>config add tsig_keys/keys "example.key.:c2VjcmV0"</userinput>
+> <userinput>config show tsig_keys/keys</userinput>
tsig_keys/keys[0] "example.key.:c2VjcmV0" string (modified)
> <userinput>config commit</userinput></screen>
</para>
<para>
- You can keep as many keys as you want in the key ring, but they must
- have a different name each.
+ You can keep as many keys as you want in the key ring, but each must
+ have a different name.
</para>
</section>
</section>
@@ -1458,8 +1458,9 @@ AND_MATCH := "ALL": [ RULE_RAW, RULE_RAW, ... ]
<para>
The other is TSIG key by which the message was signed. The ACL
contains only the name (under the name "key"), the key itself
- must be stored in the global <link linkend="tsig-key-ring">key ring</link>. This
- property is applicable only to the DNS context.
+ must be stored in the global key ring (see <xref
+ linkend="tsig-key-ring"/>).
+ This property is applicable only to the DNS context.
</para>
<para>
@@ -2233,7 +2234,7 @@ Xfrout/transfer_acl[0] {"action": "ACCEPT"} any (default)</screen>
<para>
If you want to require TSIG in access control, a system wide TSIG
- <link linkend='tsig-key-ring'>key ring</link> must be configured.
+ key ring must be configured (see <xref linkend="tsig-key-ring"/>).
In this example, we allow client matching both the IP address
and key.
</para>
@@ -2243,7 +2244,7 @@ Xfrout/transfer_acl[0] {"action": "ACCEPT"} any (default)</screen>
> <userinput>config commit</userinput></screen>
<para>Both <command>b10-xfrout</command> and <command>b10-auth</command>
- will use the system wide keyring to check
+ will use the system wide key ring to check
TSIGs in the incoming messages and to sign responses.</para>
<para>
@@ -2453,11 +2454,12 @@ what is XfroutClient xfr_client??
> <userinput>config commit</userinput>
</screen>
The TSIG key must be configured system wide
- (see <xref linkend="common-tsig"/>.)
+ (see <xref linkend="common-tsig"/>).
</para>
<para>
- Full description of ACLs can be found in <xref linkend="common-acl" />.
+ The full description of ACLs can be found in <xref
+ linkend="common-acl" />.
</para>
<note><simpara>
More information about the bind10-changes
mailing list